Release LoadGen Api, Appliance and MCP Server: 1.0.0.12038
Release LoadGen Api, Appliance and MCP Server: 1.0.0.12038
LoadGen General
Platform upgraded to .NET 10 (LTS). The entire LoadGen Headless platform (API, MCP Server, appliance agent, background workers and containers) now runs on .NET 10, the current Long-Term-Support release supported into late 2028; .NET 8 reaches end of support on 2026-11-10. The appliance agent now ships self-contained with its own runtime, which removes a runtime-installation dependency during upgrades and in air-gapped environments, and the container base images move to Ubuntu 24.04. No configuration or API changes are required.
LoadGen Api
SessionSight — session triage and organization. Sessions can now be marked as favorites and watched per user (the state survives signing out and back in), annotated with team-visible timestamped notes, and filtered by applying a saved segment or ad-hoc conditions directly to the sessions list. The list also gained new sort options (event count, distinct pages, duration) and has notes / favorites only / unwatched only filters.
SessionSight — behavioral analytics. Sessions now carry frustration signals (rage click, dead click, quick back, excessive scroll, JavaScript error) that you can filter on; smart events are detected automatically with no code changes (purchase, add-to-cart, begin-checkout, contact-us, submit-form, request-quote, sign-up, login, download); heatmaps gained new area (per-element click attention) and conversion map types; and AI session summaries can be generated per session or across a group of sessions through your configured AI connection.
SessionSight — live recordings, privacy and Google Analytics. Recordings now stream in while a session is still active (live replay tail). A site-wide privacy masking posture (Strict / Balanced / Relaxed) plus per-element masking is enforced at capture by the tracker, which also now captures JavaScript errors and reliably sends final events when a page is closed or navigated away. An optional Google Analytics 4 integration exposes GA metrics through a server-side proxy so you can drill from a GA number to the matching recordings; the GA service-account key is encrypted at rest and never exposed to the browser.
[#9096] Fixed the "Monitor Azure Function invocations via Azure Monitor" toggle not being saved when creating or editing an uptime check. The toggle and its settings (Azure resource id, lookback window and thresholds) now persist and take effect.
[#9103] Completed Azure Function invocation monitoring end-to-end. The check now actually runs the Azure Monitor query, the Test & Inspect result shows the real invocation count and error rate instead of a perpetual amber "No invocation metrics returned" hint, and a genuine authentication or configuration failure now surfaces the real Azure error message. An idle function is also no longer flagged as failing: the minimum-expected-invocations check now defaults to off (set a positive value to be alerted when a function stops being invoked).
[#9097] Fixed editing a Service-Principal-authenticated Azure Function uptime check wiping the stored client secret. Leaving the secret blank on edit now keeps the saved value.
[#9111] Fixed the uptime check Test & Inspect dry-run failing for an Azure Function check unless the client secret was retyped. The stored secret is now carried forward when testing an existing check.
[#9098] Fixed a "Datasource error" pill staying stuck on an uptime check after it was re-pointed at a working InfluxDB datasource and saved. The warning now clears on the next list refresh.
[#9091] Added Service Principal client-secret expiry tracking and a new uptime Reminders view that lists upcoming credential expirations, soonest first, with Warning and Critical severities, so you can rotate secrets before they lapse.
Additional Azure Function uptime fixes. Queue- and timer-triggered functions with no HTTP endpoint can now be tested (leave the Endpoint URL blank for invocation-only mode); Service-Principal auth no longer fails with AADSTS1002012; and the invocation count and error rate now also appear on the dashboard card and incident detail.
[#9109] Fixed adding a user to a classic-technology load profile (Fat Client, Citrix, RDS, WVD, VMware) not being saved — the profile reported Users=0 after a successful save. User assignments are now persisted correctly so the users appear and run. Web and Core profiles were not affected.
[#9119] Fixed the SQL Server datasource setup wizard showing an empty server name when re-opening an existing datasource. The non-secret server/host is now returned on the datasource read so the wizard pre-fills it; the connection string, user id and password remain redacted.
[#9101] Fixed a parent API-testing flow failing with "Nested flow execution failed" when calling a child flow whose latest changes were saved only as a draft. A nested flow call now resolves the child's draft revision the same way running that flow directly does.
API Testing — scheduled run alerting and retries. Scheduled API-flow runs can now notify on completion (Email, Webhook, SMS, WhatsApp) by linking alert profiles to the schedule, and can retry automatically on failure with a configurable delay; alerts fire once on the final outcome.
API Testing — structured assertions and contract conformance. Assertions now return per-assertion pass/fail detail. The assert.schema node now validates the response body against a JSON Schema, a new assert.contract node validates responses against the bound OpenAPI operation, and new coverage and conformance reporting shows which operations your flows exercise. OAuth2 auth profiles (client-credentials and refresh-token grants) are now applied on requests. Upgrade note: flows that still contain unimplemented catalogued nodes (for example data.csv, control.parallel, control.retry, subflow.call) now fail that node instead of silently passing — remove or replace them.
Service Levels — public status pages. Public status pages gained branding (logo and brand color), component grouping, incident timelines, scheduled-maintenance windows (optionally excluded from SLO calculations), and 90-day uptime history bars. Password-protected pages are now served locked until they are unlocked.
Service Levels — objectives and alerting. Service-level objectives gained burn-rate (multi-window, multi-burn-rate) alert rules, preserve disabled mappings when a mapping page is saved, validate the source polling interval and bucket alignment authoritatively, and expose a bulk mappings read so dashboards avoid per-service round-trips.
Reusable Credential Profiles. A new app-wide credential store lets you save a secret once, reference it by id, and rotate it in one place. Credential profiles can back uptime checks, agent Run-as identities, monitoring test users, SQL datasources and API-testing auth; they are included in configuration backup and in cross-appliance sync (portable profiles only); and an operator-triggered migration lifts existing inline credentials into profiles with a dry-run preview. The migration option only appears when legacy inline credentials are detected, and a new admin-tier role controls who can manage profiles.
Secrets hardened at rest. Twilio auth tokens, webhook signing secrets, mail SMTP passwords and uptime-check credentials are now encrypted at rest and are no longer returned by the API (read responses are redacted; leave a secret field blank on edit to keep the stored value). Webhook delivery and alert webhooks are also validated against server-side request forgery (SSRF) before sending.
Analyse platform (foundation). Introduced the foundation of a new Analyse BI, dashboard and reporting platform: a new /analyze API surface with object-level sharing (view / edit / share) and an out-of-process reporting worker that renders reports to PDF, HTML, Excel and CSV. This is an early foundational slice; more capabilities follow in upcoming releases.
LoadGen Appliance
Air-gapped and restricted-network boot. Fixed an appliance booting to an empty container list (no web UI, no API) when an optional feature's container image could not be pulled, for example Let's Encrypt SSL or managed PostgreSQL on an air-gapped box. Boot is now two-phase and core-first: the core stack (web UI, API, MCP Server) always starts even if an optional image is unavailable, and already-deployed appliances self-heal on the next agent restart. To recover an already-affected box, remove the unpullable profile from the compose .env (or load the missing image) and restart.
[#9095] Fixed enabling managed PostgreSQL (Service Levels) dead-ending on a permanent "PostgreSQL is not reachable. Verify the container is running and POSTGRES_PASSWORD in docker-compose.yml is set." even when the container was running. The appliance now self-heals the bootstrap password so Setup completes, and the message is split into three actionable cases (container down / password not yet applied / authentication failed). Already-affected appliances heal in place with no data loss.